#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

echo "---------------------------------------------------------------"

if [ "$SANITIZER" = "dataflow" ] && [ "$FUZZING_ENGINE" != "dataflow" ]; then
  echo "ERROR: 'dataflow' sanitizer can be used with 'dataflow' engine only."
  exit 1
fi

if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
  if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
    echo "ERROR: JVM projects can be fuzzed with libFuzzer engine only."
    exit 1
  fi
  if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "coverage" ] && [ "$SANITIZER" != "undefined" ]; then
    echo "ERROR: JVM projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only."
    exit 1
  fi
  if [ "$ARCHITECTURE" != "x86_64" ]; then
    echo "ERROR: JVM projects can be fuzzed on x86_64 architecture only."
    exit 1
  fi
fi

if [ "$FUZZING_LANGUAGE" = "python" ]; then
  if [ "$FUZZING_ENGINE" != "libfuzzer" ]; then
    echo "ERROR: Python projects can be fuzzed with libFuzzer engine only."
    exit 1
  fi
  if [ "$SANITIZER" != "address" ] && [ "$SANITIZER" != "undefined" ]; then
    echo "ERROR: Python projects can be fuzzed with AddressSanitizer or UndefinedBehaviorSanitizer only."
    exit 1
  fi
  if [ "$ARCHITECTURE" != "x86_64" ]; then
    echo "ERROR: Python projects can be fuzzed on x86_64 architecture only."
    exit 1
  fi
fi

if [ -z "${SANITIZER_FLAGS-}" ]; then
  FLAGS_VAR="SANITIZER_FLAGS_${SANITIZER}"
  export SANITIZER_FLAGS=${!FLAGS_VAR-}
fi

if [[ $ARCHITECTURE == "i386" ]]; then
    export CFLAGS="-m32 $CFLAGS"
    cp -R /usr/i386/lib/* /usr/local/lib
fi
# JVM projects are fuzzed with Jazzer, which has libFuzzer built in.
if [[ $FUZZING_ENGINE != "none" ]] && [[ $FUZZING_LANGUAGE != "jvm" ]]; then
  # compile script might override environment, use . to call it.
  . compile_${FUZZING_ENGINE}
fi

if [[ $SANITIZER_FLAGS = *sanitize=memory* ]]
then
  # Take all libraries from lib/msan and MSAN_LIBS_PATH
  # export CXXFLAGS_EXTRA="-L/usr/msan/lib $CXXFLAGS_EXTRA"
  cp -R /usr/msan/lib/* /usr/local/lib/

  echo 'Building without MSan instrumented libraries.'
fi

# Coverage flag overrides.
COVERAGE_FLAGS_VAR="COVERAGE_FLAGS_${SANITIZER}"
if [[ -n ${!COVERAGE_FLAGS_VAR+x} ]]
then
  export COVERAGE_FLAGS="${!COVERAGE_FLAGS_VAR}"
fi

 # Don't need coverage instrumentation for engine-less, afl++ builds.
if [ $FUZZING_ENGINE = "none" ] || [ $FUZZING_ENGINE = "afl" ]; then
  export COVERAGE_FLAGS=
fi

# Rust does not support sanitizers and coverage flags via CFLAGS/CXXFLAGS, so
# use RUSTFLAGS.
# FIXME: Support code coverage once support is in.
# See https://github.com/rust-lang/rust/issues/34701.
if [ "$SANITIZER" != "undefined" ] && [ "$SANITIZER" != "coverage" ] && [ "$ARCHITECTURE" != 'i386' ]; then
  export RUSTFLAGS="--cfg fuzzing -Zsanitizer=${SANITIZER} -Cdebuginfo=1 -Cforce-frame-pointers"
else
  export RUSTFLAGS="--cfg fuzzing -Cdebuginfo=1 -Cforce-frame-pointers"
fi
if [ "$SANITIZER" = "coverage" ]
then
    # link to C++ from comment in f5098035eb1a14aa966c8651d88ea3d64323823d
    export RUSTFLAGS="$RUSTFLAGS -Zinstrument-coverage -C link-arg=-lc++"
fi

# Add Rust libfuzzer flags.
# See https://github.com/rust-fuzz/libfuzzer/blob/master/build.rs#L12.
export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED"
export CUSTOM_LIBFUZZER_STD_CXX=c++

export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COVERAGE_FLAGS"
export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"

if [ "$FUZZING_LANGUAGE" = "python" ]; then
  sanitizer_with_fuzzer_lib_dir=`python3 -c "import atheris; import os; print(atheris.path())"`
  sanitizer_with_fuzzer_output_lib=$OUT/sanitizer_with_fuzzer.so
  if [ "$SANITIZER" = "address" ]; then
    cp $sanitizer_with_fuzzer_lib_dir/asan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib
  elif [ "$SANITIZER" = "undefined" ]; then
    cp $sanitizer_with_fuzzer_lib_dir/ubsan_with_fuzzer.so $sanitizer_with_fuzzer_output_lib
  fi

  # Disable leak checking as it is unsupported.
  export CFLAGS="$CFLAGS -fno-sanitize=function,leak,vptr,"
  export CXXFLAGS="$CXXFLAGS -fno-sanitize=function,leak,vptr"
fi

# Copy latest llvm-symbolizer in $OUT for stack symbolization.
cp $(which llvm-symbolizer) $OUT/

# Copy Jazzer to $OUT if needed.
if [ "$FUZZING_LANGUAGE" = "jvm" ]; then
  cp $(which jazzer_agent_deploy.jar) $(which jazzer_driver) $OUT/
  jazzer_driver_with_sanitizer=$OUT/jazzer_driver_with_sanitizer
  if [ "$SANITIZER" = "address" ]; then
    cp $(which jazzer_driver_asan) $jazzer_driver_with_sanitizer
  elif [ "$SANITIZER" = "undefined" ]; then
    cp $(which jazzer_driver_ubsan) $jazzer_driver_with_sanitizer
  elif [ "$SANITIZER" = "coverage" ]; then
    # Coverage builds require no instrumentation.
    cp $(which jazzer_driver) $jazzer_driver_with_sanitizer
  fi

  # Disable leak checking since the JVM triggers too many false positives.
  export CFLAGS="$CFLAGS -fno-sanitize=leak"
  export CXXFLAGS="$CXXFLAGS -fno-sanitize=leak"
fi

if [ "$SANITIZER" = "introspector" ]; then
  export LDFLAGS="-fuse-ld=gold"
  export AR=llvm-ar
  export RANLIB=llvm-ranlib

  # Move ar and ranlib
  mv /usr/bin/ar /usr/bin/old-ar
  mv /usr/bin/ranlib /usr/bin/old-ranlib

  ln -sf /usr/local/bin/llvm-ar /usr/bin/ar
  ln -sf /usr/local/bin/llvm-ranlib /usr/bin/ranlib
fi

echo "---------------------------------------------------------------"
echo "CC=$CC"
echo "CXX=$CXX"
echo "CFLAGS=$CFLAGS"
echo "CXXFLAGS=$CXXFLAGS"
echo "RUSTFLAGS=$RUSTFLAGS"
echo "---------------------------------------------------------------"

BUILD_CMD="bash -eux $SRC/build.sh"

# Set +u temporarily to continue even if GOPATH and OSSFUZZ_RUSTPATH are undefined.
set +u
# We need to preserve source code files for generating a code coverage report.
# We need exact files that were compiled, so copy both $SRC and $WORK dirs.
COPY_SOURCES_CMD="cp -rL --parents $SRC $WORK /usr/include /usr/local/include $GOPATH $OSSFUZZ_RUSTPATH /rustc $OUT"
set -u

if [ "$FUZZING_LANGUAGE" = "rust" ]; then
  # Copy rust std lib to its path with a hash.
  export rustch=`rustc --version --verbose | grep commit-hash | cut -d' ' -f2`
  mkdir -p /rustc/$rustch/
  cp -r /rust/rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/ /rustc/$rustch/
fi

if [ "${BUILD_UID-0}" -ne "0" ]; then
  adduser -u $BUILD_UID --disabled-password --gecos '' builder
  chown -R builder $SRC $OUT $WORK
  su -c "$BUILD_CMD" builder
  if [ "$SANITIZER" = "coverage" ]; then
    # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors.
    su -c "$COPY_SOURCES_CMD" builder 2>/dev/null || true
  fi
else
  $BUILD_CMD
  if [ "$SANITIZER" = "coverage" ]; then
    # Some directories have broken symlinks (e.g. honggfuzz), ignore the errors.
    $COPY_SOURCES_CMD 2>/dev/null || true
  fi
fi

if [ "$SANITIZER" = "introspector" ]; then
  unset CXXFLAGS
  unset CFLAGS
  apt-get install -y libjpeg-dev zlib1g-dev
  pip3 install --upgrade setuptools
  pip3 install cxxfilt pyyaml beautifulsoup4 lxml soupsieve matplotlib
  mkdir -p $SRC/inspector

  find $SRC/ -name "*.data" -exec cp {} $SRC/inspector/ \;
  find $SRC/ -name "*.data.yaml" -exec cp {} $SRC/inspector/ \;
  # Move coverage report.
  if [ -d "$OUT/textcov_reports" ]
  then
    cp $OUT/textcov_reports/*.covreport $SRC/inspector/
  fi  
  
  cd $SRC/inspector

  # Correlate fuzzer binaries to fuzz-introspector's raw data
  python3 /fuzz-introspector/post-processing/main.py correlate --binaries_dir=$OUT/

  # Generate fuzz-introspector HTML report, this generates
  # the file exe_to_fuzz_introspector_logs.yaml
  REPORT_ARGS="--target_dir=$SRC/inspector"
  # Only pass coverage_url when COVERAGE_URL is set (in cloud builds)
  if [[ ! -z "${COVERAGE_URL+x}" ]]; then
    REPORT_ARGS="$REPORT_ARGS --coverage_url=${COVERAGE_URL}"
  fi
  # Use the just-generated correlation file
  REPORT_ARGS="$REPORT_ARGS --correlation_file=exe_to_fuzz_introspector_logs.yaml"
  python3 /fuzz-introspector/post-processing/main.py report $REPORT_ARGS

  cp -rf $SRC/inspector $OUT/inspector
fi

if [[ "$FUZZING_ENGINE" = "dataflow" ]]; then
  # Remove seed corpus as it can be huge but is not needed for a dataflow build.
  rm -f $OUT/*.zip
fi
